Clicking on websites redirect me to malicious ones.


  • This topic is locked
2 replies to this topic

#1 Vicken (Members, 1 post, OFFLINE)

Posted 22 April 2017 - 04:51 AM

Hi, when I click on links, buttons, etc. on websites (e.g. YouTube), I get redirected to malicious websites such as reimageplus.com and so on. I've tried various antivirus scans but I can't seem to get rid of it.

 

FRST.txt:

 

Scan results of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-04-2017
Ran by sask (administrator) on SASK-TMB113-15 (22-04-2017 10:57:12)
Running from C:\Users\sask\Downloads
Loaded Profiles: sask (Available Profiles: sask)
Platform: Windows 10 Pro (X64) Language: Dutch (Netherlands)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (filtered) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Broadcom Corp.) C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.3\GoogleCrashHandler64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Flux Software LLC) C:\Users\sask\AppData\Local\FluxSoftware\Flux\flux.exe
(Polar Electro Oy) C:\Program Files (x86)\Polar\Polar FlowSync\flowsync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dritek System Inc.) C:\Program Files (x86)\RadioController\RfBtnHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Users\sask\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Opera Software) C:\Program Files (x86)\Opera\launcher.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.3\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files (x86)\Acer\Live Updater\updater.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
 
==================== Registry (filtered) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3010800 2013-01-17] (Synaptics Incorporated)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2016-09-15] (ELAN Microelectronics Corp.)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14522512 2017-04-03] (Copyright 2017.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [RadioController] => C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2013-07-06] (Dritek System Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-205887131-2678400934-313956347-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
HKU\S-1-5-21-205887131-2678400934-313956347-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27230168 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-205887131-2678400934-313956347-1001\...\Run: [f.lux] => C:\Users\sask\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-205887131-2678400934-313956347-1001\...\Run: [Spotify Web Helper] => C:\Users\sask\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2016-12-11] (Spotify Ltd)
HKU\S-1-5-21-205887131-2678400934-313956347-1001\...\Run: [Spotify] => C:\Users\sask\AppData\Roaming\Spotify\Spotify.exe [7095408 2016-12-11] (Spotify Ltd)
HKU\S-1-5-21-205887131-2678400934-313956347-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe [1694856 2017-01-26] (BlueStack Systems, Inc.)
HKU\S-1-5-21-205887131-2678400934-313956347-1001\...\Run: [Polar FlowSync] => C:\Program Files (x86)\Polar\Polar FlowSync\flowsync.exe [1191936 2015-11-19] (Polar Electro Oy)
HKU\S-1-5-21-205887131-2678400934-313956347-1001\...\Run: [GoogleChromeAutoLaunch_DFE548A44F5AF21CD16B393DE9BBC1CF] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1111896 2017-03-29] (Google Inc.)
HKU\S-1-5-21-205887131-2678400934-313956347-1001\...\MountPoints2: {5b09e256-7b7c-11e6-be7d-f8a9639b64ca} - "D:\HiSuiteDownLoader.exe"
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
Startup: C:\Users\sask\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verzenden naar OneNote.lnk [2016-09-29]
ShortcutTarget: Verzenden naar OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (filtered) ====================
 
(If an entry is included in the fixlist, and it is a registry item, it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 195.130.131.5 195.130.130.5
Tcpip\..\Interfaces\{948e77c4-0a27-4fa4-8336-648676280ec8}: [DhcpNameServer] 195.130.131.5 195.130.130.5
Tcpip\..\Interfaces\{de633fde-411b-427f-a5d3-765cbb139b9a}: [DhcpNameServer] 195.130.131.5 195.130.130.5
Tcpip\..\Interfaces\{ea8d4b8f-7c33-43f8-95e7-84d35f54aa92}: [DhcpNameServer] 10.0.3.254 195.130.130.133 195.130.131.133
 
Internet Explorer:
==================
HKU\S-1-5-21-205887131-2678400934-313956347-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com
HKU\S-1-5-21-205887131-2678400934-313956347-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
URLSearchHook: HKU\S-1-5-21-205887131-2678400934-313956347-1001 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
SearchScopes: HKU\S-1-5-21-205887131-2678400934-313956347-1001 -> DefaultScope {AA7F233D-7EAC-42E9-9B37-0BFF4E1328FC} URL =
SearchScopes: HKU\S-1-5-21-205887131-2678400934-313956347-1001 -> {AA7F233D-7EAC-42E9-9B37-0BFF4E1328FC} URL =
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-24] (Oracle Corporation)
BHO-x32: EgisPBIE Sign-in Helper -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files\Acer ProShield\x86\EgisPBIE.dll => No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-24] (Oracle Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\sask\AppData\Roaming\Mozilla\Firefox\Profiles\9vnueho2.default-1447158472018 [2015-11-10]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => not found
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => not found
FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files\Acer ProShield\FFExt => not found
FF HKLM-x32\...\Firefox\Extensions: [{d4da7309-b89a-45ec-8ebb-cfb2ae13618b}] - C:\Program Files\Acer ProShield\FFExt20 => not found
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1219160.dll [2015-07-23] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-24] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-10] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-02-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
 
Chrome:
=======
CHR NewTab: Default ->  Active:"chrome-extension://ikpapninecmpnphogiiklneddajeeebi/index.html"
CHR Profile: C:\Users\sask\AppData\Local\Google\Chrome\User Data\Default [2017-04-22]
CHR Extension: (Google Drive) - C:\Users\sask\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-15]
CHR Extension: (YouTube) - C:\Users\sask\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-15]
CHR Extension: (Adblock Plus) - C:\Users\sask\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-30]
CHR Extension: (Google Search) - C:\Users\sask\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-21]
CHR Extension: (Mercedes SLS AMG Theme (1280x1024)) - C:\Users\sask\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbknfegcfekehagjbaldbjgoljjdcogf [2016-09-22]
CHR Extension: (Adobe Acrobat) - C:\Users\sask\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-10]
CHR Extension: (Formula 1 New Tab) - C:\Users\sask\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikpapninecmpnphogiiklneddajeeebi [2017-02-20]
CHR Extension: (F1 News) - C:\Users\sask\AppData\Local\Google\Chrome\User Data\Default\Extensions\jchepaljijgokkoflakjioknkfolenbk [2017-02-20]
CHR Extension: (Save to Facebook) - C:\Users\sask\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd [2017-01-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\sask\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Browsec VPN - Privacy and Security Online) - C:\Users\sask\AppData\Local\Google\Chrome\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdodcjboh [2017-04-21]
CHR Extension: (Gmail) - C:\Users\sask\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-21]
CHR Extension: (Chrome Media Router) - C:\Users\sask\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-10]
CHR Profile: C:\Users\sask\AppData\Local\Google\Chrome\User Data\System Profile [2017-03-01]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
CHR HKU\S-1-5-21-205887131-2678400934-313956347-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ladimmjldcgbeamniagencjbodhnmgen] - C:\Program Files\Acer ProShield\ChromeEx\EgisPBChromeExt.crx <not found>
 
Opera:
=======
OPR StartupUrls: "hxxp://sask.be/","hxxp://sask.smartschool.be/"
OPR Session Restore: -> is enabled.
 
==================== Services (filtered) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-21] (Broadcom Corp.) [File not signed]
S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [486936 2017-01-26] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [470552 2017-01-26] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [515608 2017-01-26] (BlueStack Systems, Inc.)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-16] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-16] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2016-09-15] (ELAN Microelectronics Corp.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [328608 2016-09-16] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2013-07-06] (Dritek System INC.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14522512 2017-04-03] (Copyright 2017.)
S4 Iahonpepreus; no ImagePath
 
===================== Drivers (filtered) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2017-01-26] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [270904 2016-11-08] (Bluestack System Inc. )
S1 eLock2BurnerLockDriver; C:\WINDOWS\system32\DRIVERS\eLock2BurnerLockDriver.sys [20072 2013-07-06] (Egis Technology Inc.)
R2 eLock2FSCTLDriver; C:\WINDOWS\System32\DRIVERS\eLock2FSCTLDriver.sys [26264 2013-07-06] (Egis Technology Inc.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-03-22] ()
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [186304 2017-04-21] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [111544 2017-04-22] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-04-22] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251832 2017-04-22] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [92096 2017-04-22] (Malwarebytes)
R3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3354384 2015-07-10] (Intel Corporation)
R3 Ps2Kb2Hid; C:\WINDOWS\System32\drivers\aPs2Kb2Hid.sys [26736 2013-07-06] (Dritek System Inc.)
S3 UdeCx; C:\WINDOWS\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-04-21] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-04-21] (Zemana Ltd.)
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (filtered) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-22 10:57 - 2017-04-22 10:59 - 00022089 _____ C:\Users\sask\Downloads\FRST.txt
2017-04-22 10:56 - 2017-04-22 10:57 - 00000000 ____D C:\FRST
2017-04-22 10:56 - 2017-04-22 10:56 - 02424832 _____ (Farbar) C:\Users\sask\Downloads\FRST64.exe
2017-04-22 10:42 - 2017-04-22 10:42 - 00000000 ___HD C:\OneDriveTemp
2017-04-22 10:41 - 2017-04-22 10:41 - 00016148 _____ C:\WINDOWS\system32\SASK-TMB113-15_sask_HistoryPrediction.bin
2017-04-21 23:57 - 2017-04-21 23:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2017-04-21 23:57 - 2017-04-21 23:57 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2017-04-21 23:56 - 2017-04-21 23:56 - 19709440 ____N (Luis Cobian, CobianSoft) C:\Users\sask\Downloads\cbSetup.exe
2017-04-21 23:30 - 2017-04-21 23:30 - 49040541 ____N C:\Users\sask\Downloads\How to Remove Reimage Repair step by step.mp4
2017-04-21 20:37 - 2017-04-22 10:57 - 00092096 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-04-21 20:37 - 2017-04-22 10:41 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-04-21 20:37 - 2017-04-22 10:41 - 00111544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-04-21 20:37 - 2017-04-22 10:41 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-04-21 20:37 - 2017-04-21 20:37 - 00186304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-04-21 20:36 - 2017-04-21 20:36 - 00001876 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-04-21 20:36 - 2017-04-21 20:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-04-21 20:36 - 2017-04-21 20:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-04-21 20:36 - 2017-04-21 20:36 - 00000000 ____D C:\Program Files\Malwarebytes
2017-04-21 20:36 - 2017-03-22 11:02 - 00077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-04-21 20:35 - 2017-04-21 20:36 - 60107896 ____N (Malwarebytes ) C:\Users\sask\Downloads\mb3-setup-consumer-3.0.6.1469-10103.exe
2017-04-21 18:37 - 2017-04-22 10:58 - 00067225 _____ C:\WINDOWS\ZAM.krnl.trace
2017-04-21 18:37 - 2017-04-22 10:58 - 00039299 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-04-21 18:37 - 2017-04-21 18:37 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-04-21 18:37 - 2017-04-21 18:37 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-04-21 18:37 - 2017-04-21 18:37 - 00001221 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-04-21 18:37 - 2017-04-21 18:37 - 00000000 ____D C:\Users\sask\AppData\Local\Zemana
2017-04-21 18:37 - 2017-04-21 18:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-04-21 18:37 - 2017-04-21 18:37 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-04-21 18:36 - 2017-04-21 18:36 - 05774688 ____N (Zemana Ltd. ) C:\Users\sask\Downloads\Zemana.AntiMalware.Setup.exe
2017-04-21 18:22 - 2017-04-21 18:25 - 00000000 ____D C:\AdwCleaner
2017-04-21 18:22 - 2017-04-21 18:22 - 04089296 ____N C:\Users\sask\Downloads\adwcleaner_6.045.exe
2017-04-21 09:12 - 2017-04-21 09:12 - 00000000 ____D C:\Users\sask\AppData\Local\VideoEditor
2017-04-21 09:12 - 2017-04-21 09:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Video Editor 12
2017-04-21 09:10 - 2017-04-21 09:10 - 53727624 ____N (Movavi) C:\Users\sask\Downloads\MovaviVideoEditorSetupC_1.exe
2017-04-21 09:10 - 2017-04-21 09:10 - 00005087 ____N C:\ProgramData\czchsjpj.srw
2017-04-21 09:10 - 2017-04-21 09:10 - 00000016 ____N C:\ProgramData\mntemp
2017-04-21 08:52 - 2017-04-21 08:57 - 00000000 ____D C:\Users\sask\Desktop\OC Fysica
2017-04-16 17:13 - 2017-04-16 19:33 - 83381280 ____N C:\Users\sask\Downloads\Ace_Stream_Media_3.1.16.1.exe
2017-04-15 00:08 - 2017-04-16 17:14 - 00007607 ____N C:\Users\sask\AppData\Local\Resmon.ResmonCfg
2017-04-11 13:18 - 2017-04-21 23:40 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2017-04-11 13:12 - 2017-04-11 13:12 - 00000000 ____D C:\Users\sask\AppData\LocalLow\LVGameDev LLC
2017-04-11 13:09 - 2017-04-11 13:09 - 00001014 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinRAR.lnk
2017-04-11 13:09 - 2017-04-11 13:09 - 00000000 ____D C:\Users\sask\AppData\Roaming\WinRAR
2017-04-11 13:09 - 2017-04-11 13:09 - 00000000 ____D C:\Users\sask\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-04-11 13:09 - 2017-04-11 13:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-04-11 13:09 - 2017-04-11 13:09 - 00000000 ____D C:\Program Files\WinRAR
2017-04-11 13:09 - 2017-04-09 01:59 - 00000000 ____D C:\Users\sask\Desktop\SimAirport.v09.04.2017
2017-04-11 13:08 - 2017-04-11 13:09 - 02179856 ____N C:\Users\sask\Downloads\winrar-x64-540.exe
2017-04-11 13:06 - 2017-04-11 13:08 - 218725318 ____N C:\Users\sask\Downloads\SimAirport.v09.04.2017.rar
2017-04-09 18:23 - 2017-04-09 18:23 - 23793864 ____N (Polar Electro Oy ) C:\Users\sask\Downloads\FlowSync_2.6.2.exe
2017-04-09 18:23 - 2017-04-09 18:23 - 00001232 _____ C:\Users\Public\Desktop\Polar FlowSync.lnk
2017-04-09 18:23 - 2017-04-09 18:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Polar
2017-04-09 18:23 - 2017-04-09 18:23 - 00000000 ____D C:\Program Files (x86)\Polar
2017-04-09 16:43 - 2017-04-09 16:43 - 00001116 _____ C:\Users\Public\Desktop\qBittorrent.lnk
2017-04-09 16:43 - 2017-04-09 16:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2017-04-09 16:43 - 2017-04-09 16:43 - 00000000 ____D C:\Program Files (x86)\qBittorrent
2017-04-09 16:41 - 2017-04-09 16:42 - 16846965 ____N (The qBittorrent project) C:\Users\sask\Downloads\qbittorrent_3.3.12_setup.exe
2017-04-09 16:04 - 2017-04-09 16:04 - 00033103 ____N C:\Users\sask\Downloads\F1-GP02-China_[1080p@50]-2017-ingles-SkyF1HD.torrent
2017-04-09 15:15 - 2017-04-09 15:15 - 00000000 ____D C:\Andy
2017-03-31 15:20 - 2017-03-31 15:20 - 00000007 ____N C:\Users\sask\Desktop\Zie Tom.txt
2017-03-27 20:33 - 2017-03-27 20:33 - 00950202 ____N C:\Users\sask\Downloads\PMI 1Q 2015 FS_7.pdf
2017-03-27 08:11 - 2017-03-27 08:11 - 00162664 ____N C:\Users\sask\Downloads\Oppervlakte cirkel en aanverwante figuren.pptx
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-22 10:49 - 2015-08-21 16:54 - 01865506 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-04-22 10:49 - 2015-07-10 18:09 - 00828026 _____ C:\WINDOWS\system32\perfh013.dat
2017-04-22 10:49 - 2015-07-10 18:09 - 00162458 _____ C:\WINDOWS\system32\perfc013.dat
2017-04-22 10:49 - 2015-07-10 13:02 - 00000000 ____D C:\WINDOWS\INF
2017-04-22 10:43 - 2016-09-15 20:22 - 00000000 ___RD C:\Users\sask\Google Drive
2017-04-22 10:42 - 2015-08-21 17:06 - 00000000 ___RD C:\Users\sask\OneDrive
2017-04-22 10:42 - 2015-08-21 12:15 - 00001086 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-04-22 10:41 - 2016-09-19 09:54 - 00000000 __SHD C:\Users\sask\IntelGraphicsProfiles
2017-04-22 10:40 - 2015-07-10 14:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-22 10:27 - 2015-07-10 11:05 - 00131072 ___SH C:\WINDOWS\system32\config\BBI
2017-04-22 10:24 - 2015-08-21 12:15 - 00001090 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-04-21 18:23 - 2015-07-10 13:04 - 00000000 ___HD C:\Program Files\WindowsApps
2017-04-21 18:23 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-04-21 13:36 - 2015-08-21 16:37 - 00000000 ____D C:\Users\sask
2017-04-19 21:03 - 2013-07-06 01:12 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-04-19 20:35 - 2015-08-17 14:48 - 00000000 ____D C:\Users\sask\AppData\Local\Packages
2017-04-18 11:44 - 2015-08-21 12:26 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-04-18 11:43 - 2015-08-21 12:26 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-17 12:47 - 2016-10-03 10:55 - 00000000 ____D C:\Users\sask\AppData\Roaming\qBittorrent
2017-04-15 23:54 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-04-15 00:14 - 2017-01-11 22:25 - 00000000 ____D C:\Users\sask\AppData\Local\ElevatedDiagnostics
2017-04-12 20:26 - 2015-08-21 17:06 - 00002428 ____N C:\Users\sask\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-04-11 13:17 - 2017-03-14 15:26 - 00000000 ____D C:\Users\sask\AppData\Roaming\Andy
2017-04-11 13:15 - 2017-03-14 15:40 - 00000000 ____D C:\Users\sask\AppData\Roaming\VMware
2017-04-09 15:28 - 2015-08-21 12:16 - 00002296 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-08 00:06 - 2016-09-15 19:53 - 00532136 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-03-29 21:24 - 2016-09-15 20:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-03-27 08:11 - 2016-09-16 07:47 - 00000441 ____N C:\WINDOWS\BRWMARK.INI
2017-03-27 08:11 - 2016-09-16 07:47 - 00000034 _____ C:\WINDOWS\SysWOW64\BD2030.DAT
 
==================== Bestanden in de root van sommige mappen =======
 
2017-03-18 13:52 - 2017-03-18 13:52 - 0000747 ____N () C:\Users\sask\AppData\Local\recently-used.xbel
2017-04-15 00:08 - 2017-04-16 17:14 - 0007607 ____N () C:\Users\sask\AppData\Local\Resmon.ResmonCfg
2017-02-07 12:24 - 2016-11-23 15:37 - 0000570 ____N () C:\Users\sask\AppData\Local\TroubleshooterConfig.json
2017-04-21 09:10 - 2017-04-21 09:10 - 0005087 ____N () C:\ProgramData\czchsjpj.srw
2017-04-21 09:10 - 2017-04-21 09:10 - 0000016 ____N () C:\ProgramData\mntemp
 
Sommige bestanden in TEMP:
====================
2017-02-24 16:04 - 2014-10-28 07:49 - 0060296 ____N (Autodesk, Inc.) C:\Users\sask\AppData\Local\Temp\AcDeltree.exe
2016-09-28 22:57 - 2016-09-28 22:57 - 16749056 ____N () C:\Users\sask\AppData\Local\Temp\javagiac0.08994301077634148.dll
2017-04-20 15:18 - 2017-04-20 15:18 - 16353792 ____N () C:\Users\sask\AppData\Local\Temp\javagiac0.144745447256314.dll
2016-09-29 11:40 - 2016-09-29 11:40 - 16752128 ____N () C:\Users\sask\AppData\Local\Temp\javagiac0.3400273414530133.dll
2016-09-29 11:59 - 2016-09-29 11:59 - 16752128 ____N () C:\Users\sask\AppData\Local\Temp\javagiac0.36462458688623833.dll
2016-09-22 11:45 - 2016-09-22 11:45 - 16734208 ____N () C:\Users\sask\AppData\Local\Temp\javagiac0.6058457724707524.dll
2016-10-21 15:39 - 2016-10-21 15:39 - 16784384 ____N () C:\Users\sask\AppData\Local\Temp\javagiac0.7292954667427406.dll
2016-09-29 15:50 - 2016-09-29 15:50 - 16752128 ____N () C:\Users\sask\AppData\Local\Temp\javagiac0.7409695957964243.dll
2017-04-20 15:18 - 2017-04-20 15:18 - 16352256 ____N () C:\Users\sask\AppData\Local\Temp\javagiac0.8113232562613371.dll
2016-12-05 15:29 - 2016-12-05 15:29 - 16955392 ____N () C:\Users\sask\AppData\Local\Temp\javagiac0.8410545614217556.dll
2016-09-16 10:05 - 2016-09-16 10:05 - 11070976 ____N () C:\Users\sask\AppData\Local\Temp\javagiac0.8670207507148258.dll
2016-12-05 14:55 - 2016-12-05 14:55 - 16955392 ____N () C:\Users\sask\AppData\Local\Temp\javagiac0.9578761689040993.dll
2015-11-10 14:30 - 2015-11-10 14:30 - 0585824 ____N (Oracle Corporation) C:\Users\sask\AppData\Local\Temp\jre-8u65-windows-au.exe
2017-04-11 13:14 - 2017-02-03 15:20 - 1342792 ____N (Andy OS, inc.) C:\Users\sask\AppData\Local\Temp\RemoveTemp.exe
2016-12-04 12:19 - 2016-12-04 12:19 - 0192512 ____N () C:\Users\sask\AppData\Local\Temp\sfamcc00001.dll
2015-02-10 19:56 - 2015-02-10 19:56 - 0105984 ____N () C:\Users\sask\AppData\Local\Temp\sfextra.dll
 
==================== Bamital & volsnap ======================
 
(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)
 
C:\WINDOWS\system32\winlogon.exe => Bestand is getekend
C:\WINDOWS\system32\wininit.exe => Bestand is getekend
C:\WINDOWS\explorer.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\explorer.exe => Bestand is getekend
C:\WINDOWS\system32\svchost.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\svchost.exe => Bestand is getekend
C:\WINDOWS\system32\services.exe => Bestand is getekend
C:\WINDOWS\system32\User32.dll => Bestand is getekend
C:\WINDOWS\SysWOW64\User32.dll => Bestand is getekend
C:\WINDOWS\system32\userinit.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\userinit.exe => Bestand is getekend
C:\WINDOWS\system32\rpcss.dll => Bestand is getekend
C:\WINDOWS\system32\dnsapi.dll => Bestand is getekend
C:\WINDOWS\SysWOW64\dnsapi.dll => Bestand is getekend
C:\WINDOWS\system32\Drivers\volsnap.sys => Bestand is getekend
 
LastRegBack: 2017-04-21 21:25
 
==================== Eind van FRST.txt ============================
 
Addition.txt:
 
Won't paste in here for some reason. See attached files.
 
Attached File  Addition.txt   41.34KB   4 downloads

Attached File  FRST.txt   34.16KB   0 downloads




#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:01 AM

Posted 23 April 2017 - 09:13 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click OK.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [LManager] => [X]
URLSearchHook: HKU\S-1-5-21-205887131-2678400934-313956347-1001 - (Geen Naam) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - Geen bestand
BHO-x32: EgisPBIE Sign-in Helper -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files\Acer ProShield\x86\EgisPBIE.dll => Geen bestand
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [Geen bestand]
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [Geen bestand]
CHR Extension: (Chrome Web Store Payments) - C:\Users\sask\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Browsec VPN - Privacy and Security Online) - C:\Users\sask\AppData\Local\Google\Chrome\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdodcjboh [2017-04-21]
CHR Extension: (Chrome Media Router) - C:\Users\sask\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-10]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
Task: {3B812D6A-D61F-4CA3-A63B-FA4C58B2E3B7} - \Microsoft\Windows\Offline Files\Background Synchronization -> Geen bestand <==== AANDACHT
Task: {76DC1A83-B9BC-44E3-AB9C-57FD2F3D0023} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync -> Geen bestand <==== AANDACHT
Task: {D8AD204C-B4EF-4185-B285-28CFFABF4C00} - \Microsoft\Windows\Offline Files\Logon Synchronization -> Geen bestand <==== AANDACHT
2016-09-28 22:57 - 2016-09-28 22:57 - 16749056 ____N () C:\Users\sask\AppData\Local\Temp\javagiac0.08994301077634148.dll
2017-04-20 15:18 - 2017-04-20 15:18 - 16353792 ____N () C:\Users\sask\AppData\Local\Temp\javagiac0.144745447256314.dll
2016-09-29 11:40 - 2016-09-29 11:40 - 16752128 ____N () C:\Users\sask\AppData\Local\Temp\javagiac0.3400273414530133.dll
2016-09-29 11:59 - 2016-09-29 11:59 - 16752128 ____N () C:\Users\sask\AppData\Local\Temp\javagiac0.36462458688623833.dll
2016-09-22 11:45 - 2016-09-22 11:45 - 16734208 ____N () C:\Users\sask\AppData\Local\Temp\javagiac0.6058457724707524.dll
2016-10-21 15:39 - 2016-10-21 15:39 - 16784384 ____N () C:\Users\sask\AppData\Local\Temp\javagiac0.7292954667427406.dll
2016-09-29 15:50 - 2016-09-29 15:50 - 16752128 ____N () C:\Users\sask\AppData\Local\Temp\javagiac0.7409695957964243.dll
2017-04-20 15:18 - 2017-04-20 15:18 - 16352256 ____N () C:\Users\sask\AppData\Local\Temp\javagiac0.8113232562613371.dll
2016-12-05 15:29 - 2016-12-05 15:29 - 16955392 ____N () C:\Users\sask\AppData\Local\Temp\javagiac0.8410545614217556.dll
2016-09-16 10:05 - 2016-09-16 10:05 - 11070976 ____N () C:\Users\sask\AppData\Local\Temp\javagiac0.8670207507148258.dll
2016-12-05 14:55 - 2016-12-05 14:55 - 16955392 ____N () C:\Users\sask\AppData\Local\Temp\javagiac0.9578761689040993.dll
2015-11-10 14:30 - 2015-11-10 14:30 - 0585824 ____N (Oracle Corporation) C:\Users\sask\AppData\Local\Temp\jre-8u65-windows-au.exe
2017-04-11 13:14 - 2017-02-03 15:20 - 1342792 ____N (Andy OS, inc.) C:\Users\sask\AppData\Local\Temp\RemoveTemp.exe
2016-12-04 12:19 - 2016-12-04 12:19 - 0192512 ____N () C:\Users\sask\AppData\Local\Temp\sfamcc00001.dll
2015-02-10 19:56 - 2015-02-10 19:56 - 0105984 ____N () C:\Users\sask\AppData\Local\Temp\sfextra.dll


End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

===

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update, you can remove the old versions of Java via the Control Panel > Programs > Programs and Features.
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)

Please let me know what problem persists with this computer.
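The Temp entries nasdaq copied from the FRST log into the fixlist all share one line layout. As an added example (not part of this thread, nor code from FRST or nasdaq), the Python below parses that layout and flags unsigned DLLs under AppData\Local\Temp, treating a long random-digit run in the file name (the javagiac pattern) as a second signal; the sample lines are copied from the log posted above, and the heuristics are this example's own, not FRST's.

```python
import re

# FRST file-listing layout, as in the "Sommige bestanden in TEMP" block of the log:
#   <modified> - <created> - <size> <flags> (<company>) <path>
# An empty "()" means FRST reported no company/signer information for the file.
FRST_LINE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<flags>[_A-Z]+) \((?P<company>[^)]*)\) (?P<path>.+)$"
)

def parse_frst_line(line):
    """Return a dict for a file-listing line, or None for headers and blank lines."""
    m = FRST_LINE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"])   # FRST zero-pads sizes, e.g. 0585824
    return entry

def triage_reasons(entry):
    """Heuristic signals (this example's own) for one entry; empty list = nothing flagged."""
    lower = entry["path"].lower()
    name = lower.rsplit("\\", 1)[-1]
    reasons = []
    if "\\appdata\\local\\temp\\" in lower and name.endswith(".dll") and not entry["company"]:
        reasons.append("unsigned DLL in user Temp")
    if re.search(r"\d{8,}", name):       # e.g. javagiac0.08994301077634148.dll
        reasons.append("random-digit file name")
    return reasons

def triage(log_text):
    """Map each flagged path to its reasons, skipping lines that are not file entries."""
    flagged = {}
    for line in log_text.splitlines():
        entry = parse_frst_line(line)
        if entry and (reasons := triage_reasons(entry)):
            flagged[entry["path"]] = reasons
    return flagged

# Sample lines copied from the FRST log posted above (one section header included on purpose).
SAMPLE_LOG = r"""Sommige bestanden in TEMP:
2016-09-28 22:57 - 2016-09-28 22:57 - 16749056 ____N () C:\Users\sask\AppData\Local\Temp\javagiac0.08994301077634148.dll
2015-11-10 14:30 - 2015-11-10 14:30 - 0585824 ____N (Oracle Corporation) C:\Users\sask\AppData\Local\Temp\jre-8u65-windows-au.exe
2017-04-11 13:14 - 2017-02-03 15:20 - 1342792 ____N (Andy OS, inc.) C:\Users\sask\AppData\Local\Temp\RemoveTemp.exe
2016-12-04 12:19 - 2016-12-04 12:19 - 0192512 ____N () C:\Users\sask\AppData\Local\Temp\sfamcc00001.dll
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path, "->", ", ".join(reasons))
```

Run against a full FRST.txt the same way; the signed Oracle and Andy OS entries are left alone, while both unsigned DLLs are listed with their reasons.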

#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:01 AM

Posted 29 April 2017 - 07:08 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



